Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fda298f72a1983e613b35cb3becd6ad3_JaffaCakes118
-
Size
130KB
-
Sample
240929-c4dwnswhjq
-
MD5
fda298f72a1983e613b35cb3becd6ad3
-
SHA1
624d8e8c2a0967300cd784b426f2458c260c1ec0
-
SHA256
aaefbc297b57228834cc15f2a9369ad46bc6ec9a5de09dab594b04e9f0637769
-
SHA512
bda59edc47edd9cc5ed7e3cf36f47cd6c09155e78071ac35898cfc8257137cfa0df2d3e47a7523bd0d627e2b707134d8fd62033acbc9551e6b2324083a824efe
-
SSDEEP
3072:Yq6jDD70ClF9yU0kT1mNL9j3FRnOatS2OULqLUe2Mnu:Yq6jDD7v79ytk0V9j1ROatCUcu
Malware Config
Targets
-
-
Target
fda298f72a1983e613b35cb3becd6ad3_JaffaCakes118
-
Size
130KB
-
MD5
fda298f72a1983e613b35cb3becd6ad3
-
SHA1
624d8e8c2a0967300cd784b426f2458c260c1ec0
-
SHA256
aaefbc297b57228834cc15f2a9369ad46bc6ec9a5de09dab594b04e9f0637769
-
SHA512
bda59edc47edd9cc5ed7e3cf36f47cd6c09155e78071ac35898cfc8257137cfa0df2d3e47a7523bd0d627e2b707134d8fd62033acbc9551e6b2324083a824efe
-
SSDEEP
3072:Yq6jDD70ClF9yU0kT1mNL9j3FRnOatS2OULqLUe2Mnu:Yq6jDD7v79ytk0V9j1ROatCUcu
Score8/10-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-